Picture credit: http://www.detstar.com
Though the odds of an exploit appear low, this vulnerability in the Mozilla and Firefox browsers just resurfaced after a seven-year hiatus:
|...For a spoofing attempt to work, a surfer would need to have both the attacker's Web site and a trusted Web site open in different windows. A click on a link on the malicious site would then display the attacker's content in a frame on the trusted Web site, Secunia said. The company advised people not to visit trusted and untrusted Web sites at the same time...|
Here's one way a phisher could exploit this weakness:
Nefarious, but feasible.
News.com: Spoofing flaw resurfaces in Mozilla browsers